Connect with us

Hi, what are you looking for?


Cloud Security

Multicloud + IoT: Securing IoT Applications in Diverse, Distributed Environments

IoT and Network Threats are Not One-dimensional

IoT and Network Threats are Not One-dimensional

It’s not just the consumer market driving the rapid proliferation of connected gadgets. The latest connected toys and appliances might be the most visible during the holiday season, but enterprises are also integrating Internet of Things (IoT) applications and devices into office spaces and day-to-day operations across industries. From drones to smart switches and HVAC systems, it’s clear IoT technology can offer businesses a competitive edge through increased convenience, connectivity and the massive amount of data generated by connected devices. 

Although vast amounts of data alone do not necessarily add value, through analytics, important insights can be extrapolated and applied to improve business. But the potential advancements enabled by IoT also introduce new cybersecurity and compliance risks to the non-stop sophisticated threat landscape that already strapped security teams are grappling to protect against. To complicate things further, defined network perimeters are disappearing, weakening the effectiveness of traditional security postures. And on top of that, workloads, apps and ecosystems are all becoming more diverse and complex.

Despite this new, unfamiliar cyber-terrain, organizations are moving from small IoT pilots to large-scale implementations. The results of a recent survey launched by the Internet of Things Institute and Juniper Networks illuminate key challenges and learnings for how organizations can prepare their security posture for IoT implementations at scale.  

Multicloud, meet IoT

Following a trend across various areas of IT, organizations are now running IoT application workloads in diverse locations that create complex ecosystems for IT and security personnel to oversee. To be more specific:

• Over half (51 percent) of survey respondents reported IoT application workloads run in private data or control centers, 36 percent maintain deployments at the network edge and the remainder (13 percent) run their workloads in a public cloud. 

Advertisement. Scroll to continue reading.

• Twenty-six percent of respondents run their IoT application workloads on one cloud and 29 percent have workloads in two or more clouds, indicating that many IoT workloads are in a multicloud environment. Only 45 percent of respondents are not currently running IoT applications on any cloud. 

Part of the challenge of securing IoT applications and workloads is the inherent distributed complexity of these technologies. As enterprises prepare to scale IoT deployments, they need to be concurrently planning to address these complexity issues, especially with regards to security. While running these applications in public, private and on-premises environments is a natural next step that provides more flexibility, increased connectivity also exposes organizations to additional security vulnerabilities. 

Truly securing IoT workloads demands more than just securing a device or endpoint. Leverage IoT deployments as opportunities to provide a much-needed chance to review features and configurations with an eye to the future. 

Diverse risks

From IoT malware proliferation across the organization to protecting privacy, the survey also found that the majority of enterprises are extremely concerned or very concerned about a wide range of IoT security challenges – and they should be. No enterprise wants to be hit with malware or an advanced cyberattack, but poorly implemented security creates vulnerabilities that hackers are only too happy to exploit. Look no further than the destruction caused by Mirai variants that have ensnared hundreds of thousands of IoT devices, from the widescale DDoS attack on Dyn’s managed DNS infrastructure to the Satori attack. Threat researchers believe that the number and variety of malware on the hunt for IoT device vulnerabilities will continue to increase.  

Understandably, 51 percent of survey respondents overwhelmingly reported their top IoT security challenge is hard-to-detect sophisticated IoT threats such as zero-day attacks. But it’s doubtful this comes as a surprise to anyone in the cybersecurity industry. 

Activate all defenses 

I’ve said it once and I’ll say it again, the traditional network perimeter is stretching and evolving, and perimeter-based firewalls will not provide sufficient security for IoT workloads operating in diverse environments. IoT and network threats are not one-dimensional, so neither should be an organization’s security. Securing IoT workloads at scale requires establishing a holistic approach from the inside out. 

When it comes to securing our organizations, the network is our friend, not a liability. Survey respondents couldn’t agree more – 72 percent of respondents believe the role of the network is very important or even critical for their organization’s IoT security. Organizations that have already implemented multiple IoT projects are even more likely (26 percent) to rate the network’s importance as critical than respondents who have implemented only one project (9 percent). 

Put a mix of security in place: invest in on-premises solutions such as DLP or IDS/IPS, secure the cloud, include advanced threat prevention and install virtual firewalls. Activating all of a network’s defenses provides greater scale with near-real-time protection to protect against new threats that are continuously being discovered.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...